VMware Fusion Remote Code Execution (CVE-2019-5514)

A remote code execution vulnerability exists in VMware Fusion. Successful exploitation could lead to arbitrary code execution...

CVE-2019-5514

creationtimestamp| type| source ---|---|--- 2019-05-06 17:28:27+00:00| published-proof-of-concept| https://t.me/antichat/4783 2019-05-06 23:18:08+00:00| published-proof-of-concept| https://t.me/canyoupwnme/5488 2019-05-10 23:07:01+00:00| published-proof-of-concept|...

CVE-2019-5514

CVE-2019-5514 is a VMware Fusion vulnerability where unauthenticated APIs accessible through a web socket can be abused to trick the host user into running JavaScript on the guest via VMware Tools, potentially enabling commands on the guest. Affected product: VMware Fusion 11.x prior to 11.0.3. M...

VMWare Fusion APIs available without auth via web socket (CVE-2019-5514)

VMware Fusion 11.x before 11.0.3 contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is...

VMSA-2019-0005 : VMware ESXi, Workstation and Fusion updates address multiple security issues

a. VMware ESXi, Workstation and Fusion UHCI out-of-bounds read/write and TOCTOU vulnerabilities VMware ESXi, Workstation and Fusion contain an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use TOCTOU vulnerability in the virtual USB 1.1 UHCI Universal Host Controller Interfac...